Introduction to Secure Debug#

Debug Lock#

All devices require the capability to lock out debug access to the device. This prevents attackers from using the debug interface to perform the following illegal operations:

• Reprogramming the device

• Interrogating the device

• Interfering with the operation of the device

A fairly standard practice during the board-level test in production is to program, test, and lock the parts.

Three different locks can be enabled on the Series 2 debug interface:

• Standard-debug-lock

• Permanent-debug-lock

• Secure-debug-lock

Silicon Labs provides Custom Part Manufacturing Service (CPMS) to securely configure the debug port of the chip to one of the three possible locks before the devices leave the factory.

Debug Unlock#

Users need to unlock parts under a number of circumstances:

• Code development

• Field failure diagnosis

• Product field service

• Existing inventory reprogramming

Two different unlocks can run on the Series 2 debug interface:

• Standard-debug-unlock

• Secure-debug-unlock